author | Jenkins <jenkins@review.openstack.org> | 2014-03-01 02:32:45 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2014-03-01 02:32:45 +0000 |
commit | a862bb8b05e0eaf14dae6ff71f9765b4fc848958 (patch) | |
tree | 252d59a5de50e41ade8b3d462b556c7d1263f1ce /keystone/assignment/backends/sql.py | |
parent | 716c52c5c9bd512b00884fc8f7e51eb58b03b035 (diff) | |
parent | 986c3eb08aa019a5793074fd7bade83972135271 (diff) | |
Merge "Support authentication via SAML 2.0 assertions"
Diffstat (limited to 'keystone/assignment/backends/sql.py')
-rw-r--r-- | keystone/assignment/backends/sql.py | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/keystone/assignment/backends/sql.py b/keystone/assignment/backends/sql.py
index 76b4f7b9c..595658bb5 100644
--- a/keystone/assignment/backends/sql.py
+++ b/keystone/assignment/backends/sql.py
@@ -279,6 +279,52 @@ class Assignment(assignment.Driver):
 return _project_ids_to_dicts(session, project_ids)
+ def get_roles_for_groups(self, group_ids, project_id=None, domain_id=None):
+
+ if project_id is not None:
+ assignment_type = AssignmentType.GROUP_PROJECT
+ target_id = project_id
+ elif domain_id is not None:
+ assignment_type = AssignmentType.GROUP_DOMAIN
+ target_id = domain_id
+ else:
+ raise AttributeError(_("Must specify either domain or project"))
+
+ sql_constraints = sql.and_(
+ RoleAssignment.type == assignment_type,
+ RoleAssignment.target_id == target_id,
+ Role.id == RoleAssignment.role_id,
+ RoleAssignment.actor_id.in_(group_ids))
+
+ session = db_session.get_session()
+ with session.begin():
+ query = session.query(Role).filter(
+ sql_constraints).distinct()
+ return [role.to_dict() for role in query.all()]
+
+ def _list_entities_for_groups(self, group_ids, entity):
+ if entity == Domain:
+ assignment_type = AssignmentType.GROUP_DOMAIN
+ else:
+ assignment_type = AssignmentType.GROUP_PROJECT
+
+ group_sql_conditions = sql.and_(
+ RoleAssignment.type == assignment_type,
+ entity.id == RoleAssignment.target_id,
+ RoleAssignment.actor_id.in_(group_ids))
+
+ session = db_session.get_session()
+ with session.begin():
+ query = session.query(entity).filter(
+ group_sql_conditions)
+ return [x.to_dict() for x in query.all()]
+
+ def list_projects_for_groups(self, group_ids):
+ return self._list_entities_for_groups(group_ids, Project)
+
+ def list_domains_for_groups(self, group_ids):
+ return self._list_entities_for_groups(group_ids, Domain)
+
 def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
 with sql.transaction() as session:
 self._get_project(session, tenant_id) |
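Review bot: In `get_roles_for_groups`, the scope check resolves ambiguity implicitly and reports a missing scope with a misleading exception: when both `project_id` and `domain_id` are passed the `if`/`elif` silently uses the project and ignores the domain, and when neither is passed it raises `AttributeError`, which a caller's `except AttributeError` cannot tell apart from a genuine attribute bug. Since the returned roles presumably drive authorization for federated group membership (going by the merge title), I would accept exactly one scope and reject everything else, e.g. `if (project_id is None) == (domain_id is None): raise ValueError(_("Must specify exactly one of domain or project"))`, or use the project's own validation exception if one is importable here (the module's imports are outside the hunk). Both new queries also pass `group_ids` straight to `in_()`; an empty list is worth short-circuiting with `if not group_ids: return []` before the session is opened, since older SQLAlchemy releases warn on an empty IN and still run the query. None of the four new methods has a docstring; `get_roles_for_groups` in particular should state that it returns the distinct union of roles across all the given groups on the single target.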